[keycloak-user] Relative host possible in redirect URI when using Keycloak appliance?

Stian Thorgersen stian at redhat.com
Tue Mar 24 02:19:17 EDT 2015



----- Original Message -----
> From: "Guy Davis" <guydavis.ca at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Monday, 23 March, 2015 3:44:56 PM
> Subject: [keycloak-user] Relative host possible in redirect URI when using Keycloak appliance?
> 
> Good day,
> 
> A few weeks ago, I was deploying auth-server.war inside a JBoss 6.1.0alpha
> instance and using relative URIs for redirects on my registered
> applications. For example, a single redirect uri of '/hello-world/*' meant
> that I could access our app from:
> 
> 
>     * http://localhost:8080/hello-world/
>     * https://localhost:8443/hello-world/
>     * http://[workstation]:8080/hello-world/
>     * https://[workstation]:8443/hello-world/
> 
> This was very convenient as we deploy the JBoss container on site for
> customer use via automated installer, so trying to minimize the local
> configurations required is important.
> 
> However, as per recent exchanges with Stian, I am now running a separate
> Keycloak appliance instance (Wildfly 8.2), port-shifted by 100, alongside
> our old JBoss instance.
> 
> This seems to require that I add 4 separate redirect_uris (above) in order
> for things to work. As well, the latter two require knowledge of the target
> machine's hostname.
> 
> I'm wondering if there is a way to use relative host URI, but keep the port
> for application redirect_uri. Or perhaps a hostname placeholder? Possible
> example:
> 
> 
>     * http://${ jboss.host.name }:8080/hello-world/
> 
> Any sort of placeholder for the current host-name would simplify the current
> post-install configuration required.

We don't have anything atm that'll let you do that. You could use a proxy to put both the app and Keycloak on the same domain/port, but that might be more setup than you'd like.

If you're using an automated installer you can have it do the job for you though. Use Keycloak's export facility to export the realm and all applications to a json file. Then have your installer modify the redirect-uri for the application directly in the json file, before you import it again into a freshly installed Keycloak server. I'd suggest for an automated installation that'd be a good approach in either case.

> 
> Thanks,
> Guy
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
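The installer step suggested in the reply above, sketched in Python as an added example (it is not code from this thread or from the Keycloak project). It assumes the exported realm JSON lists applications under "applications" (or "clients") with "name" (or "clientId") and "redirectUris" fields; the function names, the sample export and the hostname ws01.example.test are constructed for illustration. The hostname is validated before it is written, so the installer cannot register a wildcard or otherwise malformed host.

```python
import json
import re

# Constructed sample export; the key names are an assumption about the format.
SAMPLE_EXPORT = json.dumps({
    "realm": "demo",
    "applications": [
        {"name": "hello-world", "redirectUris": ["/hello-world/*"]},
        {"name": "other-app", "redirectUris": ["/other/*"]},
    ],
})

# Dot-separated labels of letters, digits and hyphens only:
# no wildcard, scheme, port, path or userinfo can slip into the host part.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
DEFAULT_ENDPOINTS = (("http", 8080), ("https", 8443))


def expand_redirect_uris(path, hostname, endpoints=DEFAULT_ENDPOINTS):
    """Turn one relative redirect path into explicit scheme://host:port URIs."""
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"refusing to register unsafe hostname: {hostname!r}")
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError(f"not a relative path: {path!r}")
    hosts = dict.fromkeys(["localhost", hostname])  # ordered, de-duplicated
    return [f"{scheme}://{host}:{port}{path}"
            for host in hosts for scheme, port in endpoints]


def patch_export(export_text, app_name, hostname, endpoints=DEFAULT_ENDPOINTS):
    """Return export JSON with app_name's relative redirect URIs made absolute."""
    realm = json.loads(export_text)
    apps = realm.get("applications") or realm.get("clients") or []
    matched = [a for a in apps if app_name in (a.get("name"), a.get("clientId"))]
    if len(matched) != 1:
        raise LookupError(f"expected one application named {app_name!r}")
    app = matched[0]
    uris = app.get("redirectUris", [])
    absolute = [u for u in uris if not u.startswith("/")]
    expanded = [e for u in uris if u.startswith("/")
                for e in expand_redirect_uris(u, hostname, endpoints)]
    app["redirectUris"] = absolute + expanded  # other applications are untouched
    return json.dumps(realm, indent=2)


if __name__ == "__main__":
    print(patch_export(SAMPLE_EXPORT, "hello-world", "ws01.example.test"))
```

The installer would pass the target machine's hostname and import the returned JSON into the freshly installed Keycloak server.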

